Security Audit
openai/openai-agents-python:.agents/skills/implementation-strategy
github.com/openai/openai-agents-pythonTrust Assessment
openai/openai-agents-python:.agents/skills/implementation-strategy received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection in Release Tag Resolution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 965335ab). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection in Release Tag Resolution The skill instructions contain a shell command block designed to find the latest release tag. This command interpolates and executes a shell script path (`.agents/skills/final-release-review/scripts/find_latest_release_tag.sh`) and runs git commands. If an attacker can manipulate the repository structure, branch names, or the script path, this can lead to arbitrary command execution within the agent's runtime environment. Avoid executing shell scripts or raw git commands directly from untrusted repository paths. Use a secure, built-in API or a dedicated, sandboxed helper tool to retrieve git metadata and tags. | LLM | SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/589f332280f55eab)
Powered by SkillShield